occ

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its stated OpenCode controller purpose, but on first use it can automatically run npm dependency installation without clear upfront disclosure.

Install only if you trust the publisher, the local OpenCode CLI, and npm package installation in this environment. Run it only in the exact project directory you want OpenCode to work on, keep that directory under version control, and review any resulting code changes. Be aware that first use may fetch packages and run their install scripts under your user account; if you cannot review the dependency tree beforehand, setting `ignore-scripts=true` in the project's `.npmrc` stops npm from running dependency lifecycle scripts during that automatic install (the packages are still fetched).

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The CLI silently performs dependency installation as a side effect before handling normal session-management commands. In a security-sensitive agent skill, automatically invoking package installation expands the tool's behavior from local task control into network-backed code acquisition and execution, which increases supply-chain and unexpected-execution risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Executing `npm install` via a subprocess causes the CLI to fetch packages and run their lifecycle scripts (preinstall, install, postinstall) from dependencies, which can execute arbitrary code during installation. Because this occurs automatically whenever `node_modules` is absent, a simple invocation of the tool can trigger unreviewed code execution and network access beyond the stated purpose of session management.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The skill’s trigger guidance is broad enough to match generic development requests, which can cause the agent to invoke a powerful code-execution/controller skill in situations where it was not explicitly intended. Because this skill can manage sessions and drive OpenCode task execution, overbroad invocation increases the chance of unintended code changes, unsafe automation, or misuse from loosely related prompts.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation states that the script will automatically start an OpenCode Server if none is found, but it does not present this as a clear upfront warning or emphasize the side effect of spawning a local process. Hidden or underemphasized process creation is dangerous because users or higher-level agents may invoke the skill expecting a passive CLI action, while it actually changes local system state and opens a local service endpoint that outlives the command.

VirusTotal

64/64 vendors flagged this skill as clean.
